
List:       openswan-users
Subject:    Re: [Openswan Users] Basic Openswan question
From:       Ladi <mafja () yahoo ! com>
Date:       2006-11-30 1:09:49
Message-ID: 20061130010949.38290.qmail () web32913 ! mail ! mud ! yahoo ! com

Hi Paul,

I didn't really do any sniffing but what I'm sure of is that if I try to
disable the IPSec policy on the client (and on the server it is still enabled)
then I won't be able to connect. If the policy is enabled on both sides (server
and client) then I can connect to the terminal server.

Whether the policies are enabled on client and server or disabled on the client
and enabled on the server, I'm still able to connect for example to ftp or ping
without any problem (because I only filtered TCP port 3389).

Anyways I'll try to sniff the traffic and see what is going on.

Thanks a lot,
Ladi

--------------
If you can't be a highway, be a trail. If you can't be the sun, be a star. It
is not by size, that you win or fail. Be the best of what you are!

----- Original Message ----
From: Paul Wouters <paul@xelerance.com>
To: Ladi <mafja@yahoo.com>
Cc: users@openswan.org
Sent: Thursday, November 30, 2006 8:51:53 AM
Subject: Re: [Openswan Users] Basic Openswan question

On Tue, 28 Nov 2006, Ladi wrote:

> I'm new to IPSec and it's true, I'm a bit confused. I know that IPSec
> operates in two modes, tunnel and transport mode.
> I managed to secure the connection to the terminal server in WinXP -> Win 2k3
> server and I didn't have to specify a VPN. In the win2k3 server machine I
> configure the IPSec policy to receive only IPSec traffic (using certificates)
> on the TCP port 3389 (for terminal server) for all the connections. And from
> the client side (Win XP) I specify to use IPSec with certificate for all the
> traffic going out to TCP 3389. In this way someone can connect to the
> terminal server from any place and still can connect as far as (s)he has the
> right certificates. To be honest with you I don't know which mode this is
> (sorry for my ignorance).

If it is ipsec, it is a transport mode or tunnel mode ipsec connection. Sniff
between the machines and see what you find. I'm pretty sure it will not be port
3389 if it is using ipsec policies.

Paul
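
Added example, not part of the original thread or of Openswan: a small classifier for the check suggested above, showing what a capture between the two hosts contains when an IPsec policy protects TCP 3389 and when it does not. The addresses, SPI values, sample packets and the helper names (`classify`, `verdict`, `ipv4`) are constructed for illustration.

```python
import socket
import struct
from collections import Counter

TCP, UDP, ESP, AH = 6, 17, 50, 51  # IP protocol numbers

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet as a sniffer between the two hosts sees it."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return "not-ipv4"
    proto, payload = pkt[9], pkt[ihl:]
    if proto == ESP:
        return "esp"  # Next Header sits in the encrypted trailer: mode not visible
    if proto == AH and payload:
        # AH is authenticated but not encrypted; byte 0 is Next Header (4 = IP-in-IP)
        return "ah-tunnel" if payload[0] == 4 else "ah-transport"
    if proto in (TCP, UDP) and len(payload) >= 4:
        ports = struct.unpack("!HH", payload[:4])
        if proto == UDP and 500 in ports:
            return "ike"
        if proto == UDP and 4500 in ports:
            return "nat-t"  # IKE or UDP-encapsulated ESP
        if proto == TCP and 3389 in ports:
            return "cleartext-rdp"
    return "other"

def verdict(packets):
    seen = Counter(classify(p) for p in packets)
    if seen["cleartext-rdp"]:
        return "RDP visible in cleartext", seen
    if any(seen[k] for k in ("esp", "ah-transport", "ah-tunnel", "nat-t")):
        return "IPsec on the wire, no TCP 3389 visible", seen
    return "no RDP or IPsec traffic seen", seen

def ipv4(proto, payload, src="192.0.2.10", dst="192.0.2.20"):
    """Build a constructed IPv4 packet (checksum left at 0; sample data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed captures: policy enabled on both ends vs. no policy at all.
WITH_POLICY = [ipv4(UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
               ipv4(ESP, struct.pack("!II", 0x1001, 1) + bytes(32)),
               ipv4(ESP, struct.pack("!II", 0x1001, 2) + bytes(32))]
NO_POLICY = [ipv4(TCP, struct.pack("!HH", 49152, 3389) + bytes(16))]
```

`verdict(WITH_POLICY)` reports only IKE and ESP packets, while `verdict(NO_POLICY)` flags the TCP 3389 segment. With encrypting ESP the capture alone does not reveal transport versus tunnel mode; only AH exposes its Next Header field.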





 